Easy VPN connection with remote side behind NAT device

Unanswered Question

Hi,


I had already read that article. There are some differences between the config in the example and the serverside runningconfig. Unfortunately I cannot find the exact problem. I will post the serverside runningconfig tomorrow and would appriciate it if you would take a peek at it.


Tanks in advance...

Marwan ALshawi Thu, 08/07/2008 - 06:24
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

try to issue the following comman

no crypto dynamic-map outside_dyn_map 20 set nat-t-disable

Marwan ALshawi Thu, 08/07/2008 - 06:51
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

have u added RRI

reverse route injuction?

shanevolpe Thu, 10/02/2008 - 06:43
User Badges:

I'm trying to do the same thing you are: Establishing a VPN using the ASA5505 when it is behind a NAT. Did you have to open/forward any ports from the NAT device to the ASA5505 to get the VPN connection working?

Marwan ALshawi Thu, 10/02/2008 - 06:50
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

if u case like


internet---nat device--ASA--internal

and the vpn on the ASA

u need first static nat or portforward from the nat device to the ASA


u need the folling ports opned and nated staticly

esp

udp 500

and mybe udp 4500

to get the tunnel established


if helpful Rate

singhsaju Fri, 10/03/2008 - 09:13
User Badges:
  • Silver, 250 points or more

Hi,

Can you enable NAT-T globally on both end ASAs and then check .



"isakmp nat-traversal 20 "



http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ike.html#wp1052899



When NAT-T is enabled , the ESP packets,(which actually vcarries data payload) which gets blocked by PAT/NAT, gets encapsulated in UDP 4500 packets and since it now has ports it can easily pass through PAT.


HTH

Saju

Pls rate helpful posts

Actions

This Discussion